During the pandemic, many companies quickly set up VPN tunnels so that employees could work safely from home. Often, however, concessions were made, which malicious hackers are now exploiting.
When more and more employees were sent to work from home during the coronavirus pandemic, companies often had no choice but to set up Virtual Private Networks (VPNs) in a hurry. These make it possible to access the company network, and thus its programs and files, from outside via a secure connection. However, because of the time pressure and a lack of experience in managing such connections, concessions were made, a fact that hackers are increasingly exploiting for their attacks.
Vulnerabilities in VPN tunnels
Even in the second year of the pandemic, there are still security gaps in VPN tunnels, and it can unfortunately be assumed that nothing will change anytime soon. The danger posed by insecure VPN connections will continue to increase. This winter, too, if the number of infections rises, more people are likely to work from home again and the number of vulnerable connections will grow. The problem in many companies is a lack of experience with the technology. While security gaps in Windows and other conventional attack vectors are known, attacks on VPN connections are still uncharted territory for many IT professionals.
APT attack types on VPN tunnels
In a presentation at the Black Hat Europe congress, security researchers from Mandiant presented the most widespread attacks on VPN tunnels. At least eight APT attack types pursue the goal of cyber espionage (Advanced Persistent Threat, APT for short, refers to particularly complex and targeted attacks). Attacks intended to smuggle ransomware into networks are also not uncommon. VPN tunnels without two-factor authentication enabled are particularly susceptible to attack. Insecure passwords, or passwords used multiple times, make life even easier for criminals.
VPN software with security flaws
In addition to mistakes made when setting up VPN connections, there are security gaps in the software itself, which have to be closed with updates. Unfortunately, not all companies are aware of this, which means that avoidable points of attack remain. All companies should therefore realize that a one-time setup of a VPN tunnel is not enough. Like any other part of a network, the VPN connection must be maintained and serviced in order to remain secure, even if external employees are temporarily unable to access the network while this is done.
About 8com
The 8com Cyber Defense Center effectively protects the digital infrastructures of 8com's customers from cyber attacks. It includes security information and event management (SIEM), vulnerability management and professional penetration tests. It also offers the setup and integration of an Information Security Management System (ISMS), including certification according to current standards. Awareness measures, security training and incident response management round off the offer.